You can limit who can get the permissions based on certificate, to control who can get the permission, using android:protectionLevel="signature".
The package name is not secure at all -- anyone can write an app with a particular package name, you have no idea what app it actually is based on that. If you really want to do this based on package name, you can implement the security check yourself at the points of call into your content provider (such as the query() method) -- you can use Binder.getCallingUid() to find out who is calling you and the PackageManager to find the package(s) associated with that. The platform doesn't provide any easy way to do this, though, because it does not provide any actual security.

On Tue, Jul 14, 2009 at 8:37 AM, AndroidKing <[email protected]> wrote:
>
> Thanks for the reply
>
> That doesn't really help
> I want to limit the access based on the package name.
> The package name will have different signature from my App.
> I added android:readPermission and android:writePermission to the
> content provider
> but what is the use, any package can add these two permissions and
> still access the content provider
> I think Android is missing the access limitation...
>
> any other way???
>
>
> On Jul 14, 2:23 am, Dianne Hackborn <[email protected]> wrote:
> > By far the easiest way is to do this based on app certificates -- just use
> > android:readPermission and android:writePermission in the manifest, and
> > declare the permission you are using there with <permission> to be
> > android:protectionLevel="signature". Then only apps signed with the same
> > certificate as your own will be able to get the permission, and thus able to
> > read/write the provider.
> >
> > On Mon, Jul 13, 2009 at 6:27 PM, AndroidKing <[email protected]> wrote:
> >
> > > is there an easy way to limit my content provider access to only one
> > > or more packages
> > > I don't want other packages to access my data
> >
> > > I looked at grantUriPermission but it's not straightforward and it
> > > doesn't work
> >
> > > any ideas?
> >
> > --
> > Dianne Hackborn
> > Android framework engineer
> > [email protected]
> >
> > Note: please don't send private questions to me, as I don't have time to
> > provide private support, and so won't reply to such e-mails. All such
> > questions should be posted on public forums, where I and others can see and
> > answer them.

--
Dianne Hackborn
Android framework engineer
[email protected]

You received this message because you are subscribed to the Google Groups "Android Developers" group.
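
The caller check described in the reply above (Binder.getCallingUid() plus PackageManager, done at the entry point into the provider), as an added example that is not code from this thread. The class name `PackageCheckedProvider`, the `queryChecked` hook and the allow-listed package name are hypothetical.

```java
import android.content.ContentProvider;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example: base class for a provider that checks the caller's package in query().
public abstract class PackageCheckedProvider extends ContentProvider {
    // Hypothetical allow-list. Caveat from the thread: a package name says nothing about
    // who built the app, so this is weaker than a signature-level permission.
    private static final Set<String> ALLOWED_PACKAGES =
            new HashSet<String>(Arrays.asList("com.example.trustedclient"));

    /** Throws SecurityException unless the Binder caller's UID owns an allowed package. */
    protected void enforceAllowedCaller() {
        int callingUid = Binder.getCallingUid();
        if (callingUid == Process.myUid()) {
            return; // call made from inside our own app
        }
        PackageManager pm = getContext().getPackageManager();
        // A shared UID can map to several packages; null means the UID is unknown.
        String[] packages = pm.getPackagesForUid(callingUid);
        if (packages != null) {
            for (String pkg : packages) {
                if (ALLOWED_PACKAGES.contains(pkg)) {
                    return;
                }
            }
        }
        throw new SecurityException("uid " + callingUid + " may not access this provider");
    }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        enforceAllowedCaller(); // reject before any data is touched
        return queryChecked(uri, projection, selection, selectionArgs, sortOrder);
    }

    /** Subclasses run the real query here; it is reached only after the caller check. */
    protected abstract Cursor queryChecked(Uri uri, String[] projection, String selection,
                                           String[] selectionArgs, String sortOrder);
}
```

The same `enforceAllowedCaller()` call is needed at the top of insert(), update() and delete(), since each is a separate point of call into the provider.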

